The build of a fully automated CI/CD pipeline is divided into three documents, and this is the first of the three. It focuses only on the basic pipeline and deployment. The project itself is based on someone else's work, so it lacks the full understanding, customization, and automation required. However, it serves as a guideline for the second document, which will be based solely on a self-developed project and will work toward understanding the rest. The last one will be the beginning of a production-level workflow.
The following need to be installed before the tutorial. The instructions here are written specifically for Mac users.
Minikube is a single node local Kubernetes distribution.
First, install the latest Minikube stable release on x86-64 macOS using the binary download:
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64
sudo install minikube-darwin-amd64 /usr/local/bin/minikube
To initialize a Minikube cluster:
minikube start --container-runtime=containerd --driver=virtualbox --memory=4000
By default, Minikube occupies 2 CPUs, 2GB of free memory, and 20GB of free disk space.
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
sudo chown root: /usr/local/bin/kubectl
Note: Make sure /usr/local/bin is in your PATH environment variable.
kubectl version --client
Download the resource to your local space (preferably at home directory, and rename it to tekton_resource).
Then create two new private GitHub repositories (one for coffee-testing/ [Application purpose] and the other for tekton-argocd/ [GitOps purpose]).
Push the local directories (coffee-testing/ and tekton-argocd/) to GitHub using HTTPS. Note that GitHub has recently changed remote connections to use a personal access token instead of your user password. To generate a personal access token, go to your account settings -> Developer settings -> Personal access Token -> Generate new Token -> Fill the note and Select all boxes -> Generate token. Pushing to a private repository over HTTPS needs only the repo scope, so a token with every box selected carries far more access than this tutorial uses.
This token will be your password when you connect to a GitHub repo using HTTPS.
Here we need to generate two public/private key pairs, one for the Application repository and one for the GitOps repository.
cd ~/tekton_resource
ssh-keygen -t rsa -b 4096
# Enter file in which to save the key: tekton
# Enter passphrase: [press Enter/return]
ssh-keygen -t rsa -b 4096
# Enter file in which to save the key: gitops
# Enter passphrase: [press Enter/return]
cat tekton | base64
# copy the encoded version of the private key and paste it under data.ssh-privatekey of the tekton-git-ssh-secret.yaml
cat gitops | base64
# copy the encoded version of the private key and paste it under data.ssh-privatekey of the tekton-gitops.yaml
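The encode-and-paste step above can be scripted. This is an added example, not part of the original resource: render_ssh_secret is a hypothetical helper, and the manifest layout (a kubernetes.io/ssh-auth Secret whose only data key is ssh-privatekey) is an assumption based on the data.ssh-privatekey field named above. Any annotations or other fields in your copy of tekton-git-ssh-secret.yaml or tekton-gitops.yaml are not reproduced.

```shell
#!/bin/sh
# Added example: render a Secret manifest from an SSH private key file.
# render_ssh_secret is a hypothetical name; the manifest layout is an assumption.
# Usage: render_ssh_secret <secret-name> <private-key-file>

render_ssh_secret() {
    name=$1
    keyfile=$2

    # Refuse a missing or empty file instead of emitting an empty secret.
    if [ ! -s "$keyfile" ]; then
        echo "render_ssh_secret: $keyfile is missing or empty" >&2
        return 1
    fi

    # Refuse anything that is not a PEM/OpenSSH private key, such as the
    # .pub file, which belongs in the GitHub deploy key and not in the secret.
    case $(head -n 1 "$keyfile") in
        "-----BEGIN"*"PRIVATE KEY-----") ;;
        *)
            echo "render_ssh_secret: $keyfile is not a private key" >&2
            return 1
            ;;
    esac

    # GNU base64 wraps its output at 76 columns while macOS base64 does not.
    # Removing newlines gives the single-line value a YAML scalar needs on both.
    encoded=$(base64 < "$keyfile" | tr -d '\n')

    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: $encoded
EOF
}
```

The output is base64-encoded, not encrypted, so treat the rendered manifest like the private key itself and keep it out of both Git repositories.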
Go to both of your GitHub repositories. Under Settings -> Deploy keys, choose Add deploy key. Give it a title (the name does not matter), then copy the contents of tekton.pub and gitops.pub and paste them into the key section of the respective repository. Remember to check Allow write access, then click Add key.
To copy public key to your clipboard, you can use the following command:
pbcopy < [public key]
You also need to create a Docker Hub account with a repository, and log in, before doing anything below.
kubectl create secret docker-registry regsecret --docker-server=https://index.docker.io/v1/ --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
You can save a copy with:
kubectl get secret regsecret --output=yaml > regsecret.yaml
# remove metadata.creationTimestamp, metadata.namespace, metadata.resourceVersion, metadata.uid
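The manual clean-up of regsecret.yaml can be done with a filter. This is an added example, not part of the original resource; strip_cluster_metadata, save_secret_copy and sample_export are hypothetical helper names and the sample manifest is constructed. The four fields are removed only when they sit directly under metadata, and a leftover metadata.namespace would make a later kubectl apply with a different -n reject the file.

```shell
#!/bin/sh
# Added example; the three function names below are hypothetical helpers.

# Filter: manifest on stdin, same manifest on stdout without the
# cluster-assigned fields directly under the top-level "metadata:" key.
strip_cluster_metadata() {
    awk '
        # An unindented line starts a new top-level key.
        /^[^ #]/ { in_meta = ($0 ~ /^metadata:/) }
        # Inside metadata, drop the four fields at exactly two spaces of indent.
        in_meta && /^  (creationTimestamp|namespace|resourceVersion|uid):/ { next }
        { print }
    '
}

# Export secret $1 to file $2. The subshell umask makes the file readable by
# the current user only, since its contents are merely base64-encoded.
save_secret_copy() {
    ( umask 077
      kubectl get secret "$1" --output=yaml | strip_cluster_metadata > "$2" )
}

# Constructed sample shaped like "kubectl get secret regsecret --output=yaml".
sample_export() {
    cat <<'EOF'
apiVersion: v1
data:
  .dockerconfigjson: e30=
kind: Secret
metadata:
  creationTimestamp: "2022-01-01T00:00:00Z"
  labels:
    uid: constructed-label
  name: regsecret
  namespace: default
  resourceVersion: "1234"
  uid: 00000000-0000-0000-0000-000000000000
type: kubernetes.io/dockerconfigjson
EOF
}
```

Run `sample_export | strip_cluster_metadata` to see the effect, or `save_secret_copy regsecret regsecret.yaml` against the cluster.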
To install the core component of Tekton, Tekton pipeline:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
This will also set up a namespace, tekton-pipelines. We will make it the current namespace by running:
kubectl config set-context --current --namespace=tekton-pipelines
To run a CI/CD workflow, we need to provide Tekton a Persistent Volume for storage purposes.
kubectl apply -f pv_1.yaml
The following will ask Tekton to request a Persistent Volume of 7Gi with the manual storage class when running a workflow:
kubectl create configmap config-artifact-pvc \
--from-literal=size=7Gi \
--from-literal=storageClassName=standard \
-o yaml -n tekton-pipelines \
--dry-run=client | kubectl replace -f -
To install the dashboard:
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml
To run the dashboard:
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
Now you can access the dashboard at http://localhost:9097
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Apply the secret YAML files created earlier to Kubernetes:
kubectl apply -f tekton-git-ssh-secret.yaml
kubectl apply -f tekton-gitops.yaml
kubectl apply -n tekton-pipelines -f regsecret.yaml
Set up the service account, which provides an identity for processes that run in pods:
cd ~/tekton_resource/tekton-argocd/tekton
kubectl apply -f serviceaccount.yaml
Set up the Argo CD environment:
First, change spec.source.repoURL in argocd/argocd-app-systemtest.yaml to your GitOps repository's SSH URL.
cd ~/tekton_resource/tekton-argocd
kubectl apply -f argocd/
Then apply the registry secret to the systemtest environment:
cd ~/tekton_resource
kubectl apply -n systemtest -f regsecret.yaml
First, connect to the Argo CD server; you can then access the dashboard at https://localhost:8081
kubectl -n argocd port-forward svc/argocd-server 8081:80
The default username and password for login are as follows:
Username: admin
Password: <kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d>
First, go to /settings/accounts/tekton in the dashboard.
Then click Generate New Token. On the command line, paste the token string into the following command:
kubectl create secret -n tekton-pipelines generic argocd-env-secret '--from-literal=ARGOCD_AUTH_TOKEN=<token>'
Commit any changes to GitHub before continuing.
Fill in the following:
Repository URL: <<git@github.com:/Ninox-RD/GitOp>> # your GitOps SSH URL
SSH private key: <<gitops>> # your gitops private key
It is not required to understand the settings below. This is only used by this specific project.
cd ~/tekton_resource
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.12.0 sh -
istio-1.12.0/bin/istioctl install --set profile=demo -y
cd ~/tekton_resource/tekton-argocd
kubectl apply -f pipeline/task-build-push.yaml
kubectl apply -f pipeline/task-deploy.yaml
kubectl apply -f pipeline/task-run-smoketest.yaml
kubectl apply -f pipeline/task-run-st.yaml
kubectl apply -f pipeline/pipeline.yaml
Now change buildRevision, appGitUrl, configGitURL, and appImage under spec.params in pipelinerun/pipelinerun.yml.
To find commit number:
kubectl create -f pipelinerun/pipelinerun.yml
The pipeline will take about ten minutes to run. Be patient. Note that the end result will have errors at the last step of task-run-st, like the following. This is intended, since I do not want to sort out application errors and instead focus on the pipeline setup.
The next document will use a different example, focus on the completeness of the automation pipeline, and give more visibility into the actual running application.